By Adrian Johansen, freelance writer; @AdrianJohanse18.
Anyone who watches the news should be aware of the constant threat of identity theft. Every day, hackers create new scams and tactics to steal private information that they can sell to the highest bidder or use to take out loans and credit cards and put victims in debt. Unfortunately, few industries are as exposed to these threats as the healthcare industry.
Every time someone goes to the doctor, they share personal details with their medical provider and other staff, and those details get logged into a computer for later. Hackers are eager to unlock this treasure trove of private info. As technology advances, so will the threats, so extra precautions will be necessary. Below are the threats coming down the pike and how to prevent them.
Emerging Healthcare Threats
Healthcare will always be a huge target for cyber thieves simply because of the sheer amount of information that is created with every doctor’s appointment or surgical procedure. An emerging threat that is gaining steam is ransomware attacks, where hackers take control of patient data with the hope of illegal profit.
In just one example, early in 2019, hackers gained access to and encrypted the data within the computer system of provider NEO Urology. Fearing the worst, the staff paid the requested $75,000, and the data was freed. It was a painful price to pay for a threat that could have been avoided.
All it takes is one successful scheme to bring the criminals out of the woodwork. Since the NEO hack, several other ransomware attacks have occurred around the country, including instances in New York and California, where thousands of patient records have been compromised. When these attacks occur, it is not only patients who face the consequences, but also the business, as repairing a corporate image and fixing the damage could cost a company millions.
New technologies are on the horizon, but they too must be safeguarded from cyber threats. Lately, the idea of integrating artificial intelligence into hospitals has been gaining steam, as experts believe that this technology could limit the number of hospital errors as well as assist with earlier detection of medical issues. However, while this technology continues to evolve, it is still open to the risk of cybercrime.
As a first step to securing your hospital systems, a penetration test should be completed. Penetration testing involves inspecting your system for vulnerabilities, such as weak firewalls or poor security policies, and produces a report, so you know what to fix to protect the patient information involved. Your baseline security should be intact before adding any new features.
Security and Mobile Devices
Another breakthrough at the forefront of the medical field is the advancement of health technology for smartphones that the everyday consumer can use to keep their health in check. For instance, patient engagement programs like Kidney Cancer Planner allow patients to access their treatment plans and communicate with their doctors.
Then there are healthy living apps such as Quitter’s Circle, which provides information to help smokers quit for good. These are amazing apps, but when they include private data, they still open the door for cybercrime. If your organization creates an app, it must be designed with security in mind, which includes requiring passwords for access.
As with other industries, many health practices are turning to a Bring Your Own Device (BYOD) atmosphere where employees take their phones and tablets to work and use them in the office. Industries are turning to this culture because it can increase worker satisfaction and save stress for IT professionals since they aren’t expected to fix someone’s broken personal device. However, mobile security requires additional caution.
Mobile devices should be secured with a password at a minimum, and they should not leave the sight of the owner. Users should be cautious when using mobile devices in public places like coffee shops because criminals can set up fake Wi-Fi networks that open a doorway to the data on your device. Your best bet is to use a virtual private network so hackers cannot easily pinpoint your location. The hospital should also ensure that all users are encrypting their data so it cannot be used even if it is stolen.
As increasing threats continue to surface, a new, potential remedy is coming to the forefront in the form of blockchain technology. A blockchain may change how patient data is protected because it is literally a chain of individual pieces of data that are secured independently. So, if each patient had their own block, they would each control what data could be added by supplying their own personal electronic key. Data cannot be changed or deleted in a blockchain, and if a doctor wishes to view the information, the patient would also be made aware and would have to give their consent.
While blockchain is not seeing widespread use at the moment, the technology is raising eyebrows. In addition to healthcare, the tech is also being used by travel companies to ensure accurate bookings, and it may even be used in future elections to eliminate voter fraud. However, even if your medical practice isn’t on the blockchain bandwagon yet, there are many common-sense solutions that you can enact now to protect your patient data from cybercrime.
Start by having well-maintained backup systems in place. These servers should be located offsite and should not be connected to the main computing system, so the data cannot be wiped out if a virus hits a mainframe computer. Proactive protections must be put in place to limit the potential for viruses, either through up-to-date antivirus software or protective firewalls. Employee education is also essential, so workers do not unintentionally open the door to cyberthieves.
A common tactic used by hackers against employees, specifically, is phishing emails that look like legitimate communications but usually include a malicious link. If clicked, the link can open a path to the data on that machine and even your entire network depending on how complex it is. Employees should be aware of the signs of phishing emails:
- An email address that is off by a letter or two or contains a symbol in place of a letter.
- Misspelled words in the subject or body.
- An email with a link or attachment that they were not expecting.
While threats to the healthcare industry are varied, with advancing technology and awareness, the damage can be mitigated. In the end, it is the least that providers should do for the patients that put so much trust in their medical practice.